Digital IT

IT Security

Parking Fine Scam - a number of colleagues have received a spam email regarding parking fines from UKPC Parking Control. Estates & Property Services have advised that the University car park contractor would never send colleagues an email in this way.

You are responsible for all ICT activity that takes place under your username, so protect it with a password and follow these tips:

Passwords must be at least nine characters long.

Your password must use a mix of different characters, i.e. numbers, capital letters, lowercase letters.

The use of special characters and punctuation is encouraged but not mandatory.

Make sure you can remember it, but that no-one else can guess it. Try using the first letter of each word in a memorable saying, phrase or even a sentence, e.g. 'My favourite time of the year is summer' makes the password: #Mft0ty1S#

Change your password at regular intervals, as any password can be cracked if given long enough. Guidance on how to reset your password is described within the IT Accounts service description. Options are available to change your password from within the campus and if you're off-campus.

Do not select the save password option in applications - it means your account could be misused, making any misuse your problem.

If you think your account may have been compromised, and you've already changed your password, email ITS-ServiceDesk@salford.ac.uk to notify the ITS team of your concerns.

Lock your workstation or logout if you need to leave it, even if only for a few minutes. Press Ctrl, Alt and Delete keys and select Lock Workstation or Logout.

Help! I've disclosed my password

If you have disclosed your password or think your account has been compromised, change your password immediately. You can do this by..

Although the university's email system incorporates advanced security features, it is important to understand that email security features are never guaranteed to detect all malicious or otherwise-undesirable emails; it is therefore vital that email system users remain vigilant when handling incoming emails.

Messages which, as a result of the University email system's security features, are detected as being offensive are either prevented outright from being delivered to the intended recipient, or they may simply have an offensive attachment removed.

Spam email is the electronic equivalent of junk mail. The term refers to unsolicited and often unwanted material which is at best annoying and at worst malicious, causing considerable harm to your computer and yourself.

How to spot Spam

Spam emails may feature some of the following warning signs:

You don’t know the sender.

Contains misspellings designed to fool spam filters.

Makes an offer that seems too good to be true.

The subject line and contents do not match.

Contains an urgent offer end date (for example “Buy now and get 50% off”).

Contains a request to forward an email to multiple people, and may offer money for doing so.

Phishing is a scam where criminals typically send emails to thousands of people. These emails pretend to come from banks, credit card companies, online shops and auction sites as well as other trusted organisations. They usually try to trick you into going to a website, for example to update your password to avoid your account being suspended. The embedded link in the email goes to a website that looks exactly like the real thing but is actually a fake designed to trick victims into entering personal information.

How to spot a Phishing email

The email itself can also look as if it comes from a genuine source. Fake emails sometimes display some of the following characteristics, but as fraudsters become smarter and use new technology, the emails may have none of these characteristics. They may even contain your name and address.

The sender’s email address may be different from the trusted organisation’s website address.

The email may be sent from a completely different address or a free webmail address.

The email may not use your proper name, but a non-specific greeting such as “Dear customer.”

A sense of urgency; for example the threat that unless you act immediately your account may be closed.

A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.

A request for personal information such as username, password or bank details.

You weren't expecting to get an email from the organisation that appears to have sent it.

The entire text of the email may be contained within an image rather than the usual text format. The image contains an embedded link to a bogus site.

Knowing how to avoid scams, spam and phishing is a critical life skill. Fortunately, simple safety measures will help you dodge the risks.

Slow down: spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics, be skeptical; never let their urgency influence your careful review.

Do not open emails which you suspect as being scams.

Do not open attachments from unknown sources.

Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.

Anti-virus and anti-malware software helps to protect your computer from viruses, worms and other malicious software. However, the protection is only as good as the last update, as new viruses and malware are released every day.

Use one anti-virus product (more than one may conflict with each other)

There are a number of free products for non-commercial use, these include:

Common symptoms of a virus infection:

How to recover from a virus infection

Check that your virus definitions are up to date (view the program's Help - About screen to check for the last update). If the last update was more than two days ago, manually apply an update from the anti-virus provider's site, then disconnect from the internet before:

Running a complete scan;

Cleaning/disinfecting any viruses found.

Also scan and disinfect any external drives e.g. USB memory sticks and disks, otherwise you will keep re-infecting your computer.

If symptoms persist, start the machine in Safe Mode. To do this, press F8 during start-up (before the Windows Start-up Menu is displayed) and then select Safe Mode. This means the PC will start up in a minimal configuration, with only essential parts of Windows loaded. Then repeat the above actions (run the complete scan, etc.). If symptoms still persist, the only remaining option is to reinstall Windows using the original disks.

If you require further assistance, please bring your device to the IT Drop In.

I use a Mac and they can't get virus infections

Wrong! This is a commonly held belief. Although Windows-based machines are more prone to infection (due to high numbers of Windows users worldwide), Macs can still get infected with viruses. It is less common for a Mac or Linux computer to have a virus infection, but virus writers are widening their scope and targeting anything connected to the internet. Anti-virus products are available for these machines, so get searching and apply the same protection principles as advised for Windows users.

Remember that you need to have an up to date operating system and antivirus product before connecting to the University’s network.

Any computer, Mac or PC, connected to the internet is vulnerable to viruses, spyware and hacking attacks. University owned and managed computers should have these security settings and protection as standard. However, if you have a computer/laptop at home or in halls, you'll also need to implement these security measures. It is a lot easier (and much less technical) to protect your computer than you think.

Operating system (OS) - does all the background things to make your computer work e.g. Vista, Windows 7 & 10 or Mac OS X. The OS is only as secure as the day it was written and there are lots of hackers and viruses that take advantage of out of date operating systems, so you must get regular updates.

Check that Windows updates are turned on:

Click the “Start” button. In the search box, type Update, and then, in the list of results, click Windows Update.

In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.

If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.

In the list, click the important updates for more information. Select the check boxes for any updates that you want to install, and then click OK.

If your University supplied device doesn't appear to have anti virus software installed;

If your device's updates are not current—they should be within 3 days;

You suspect that your University supplied device has a virus infection.

Operating system updates

Any computer—Mac, Windows or otherwise—connected to the internet is vulnerable to viruses, spyware and hacking attacks. University-owned/managed computers should always have automatic operating system updates turned on as standard.

The operating system (OS) does all the background things to make your computer work, e.g. Windows Vista, 7 or 10, or Mac OS X. The OS is only as secure as on the last occasion when it was updated, and lots of hackers and viruses exploit out-of-date operating systems, so staying up to date with regular updates is imperative. You will receive alerts when updates are released and you are encouraged to install them at your earliest convenience. If the updates are not done, they will be applied automatically a week after release.

An information security incident is an actual or possible breach of the University's security policies and can include:

Inappropriate or offensive Internet use;

Lost or stolen laptop, smart phone, memory stick or other IT equipment;

Harassment by email or web abuse;

Hacking or virus transmission;

Log-in misuse and password sharing;

Unauthorised access to or disclosure of information.

Report any concerns to the ITS Service Desk. The report is passed to the University IT Security Emergency Response Team (ITSERT) who respond to and manage investigations into information security incidents and ICT Acceptable Use Policy breaches.

ITSERT will deal with all reports in strictest confidence, sharing information only with individuals who need to be involved in the investigation. All information and investigation material will be stored securely.

All investigations are handled in line with the University's Acceptable Use Policy, and with relevant legislation. In some cases, requests for investigation may require completion of an ITSERT Investigation Authorisation form.

You should always report your concerns because misuse could damage the University network, be illegal or have a negative impact on the University's reputation. All of these can have a negative effect on your studies or job with the University. By reporting your concerns, you are providing the best opportunity to prevent any recurrence and to limit damage to the University.

Identity theft happens when fraudsters access enough information about someone's identity (such as their name, date of birth, current or previous addresses) to commit identity fraud. Identity theft can have a direct impact on your personal finances and could also make it difficult for you to obtain loans, credit cards or a mortgage until the matter is resolved.

What can I do online to protect myself from identity theft?

Most people are aware that they should protect their information in real life, for example by shredding documents with financial or personal details. However, there are many ways fraudsters can gather this information online as well. Prevent identity theft by:

University IT Services will NEVER request your password in an email.

Stop and use common sense - you wouldn't give bank details or a password to a stranger in the street, so don't give this information in response to an email.

Don't reply to, or click unsubscribe on spam/marketing emails; this just confirms your email address and you'll get more not less - delete the email.

Don't open attachments or links in emails unless you were expecting the email - delete the email.

Check that websites are secure before entering personal or financial details.

Users should note that the University's access to the internet is solely through the JANET network and that violations of the JANET AUP could potentially lead to this access being withdrawn.

All users of the University network are required to comply with the approved University Policies, Standards, relevant legislation and contractual requirements, and should seek advice when in doubt.

The University ICT Acceptable Use Policy (AUP) contains common sense rules about use of the University ICT facilities which will protect and preserve the facilities for all users. The AUP prohibits and blocks access to websites and content that are illegal or are categorised as obscene/tasteless; hate and discrimination; malicious content such as viruses and spyware, as well as illegal download or upload of copyright protected material using peer-2-peer filesharing.

Copyright infringements (downloading or uploading copyrighted material without the copyright owner's permission) constitute theft. It is illegal and therefore affects the University's reputation. For more advice on copyright issues go to www.infogov.salford.ac.uk/copyright/. Using torrent or other peer-2-peer filesharing to download or upload illegally obtained copyright protected material may result in: being disconnected from the University ICT facilities; and having to pay a £100 AUP reconnection fee.

Where there is a justified University business need for an individual to access prohibited websites / material, this can be supported. Please complete and submit the Prohibited Internet Access form to IT Services. The form gives clear instructions on how to complete it and on the authorisations and advice required.